Please agree to add OpenSSL exception to Offlineimap

Sebastian Spaeth Sebastian at SSpaeth.de
Wed Sep 24 08:32:46 BST 2014


Taking this to the list, as it might be of interest to all.


On 24.09.2014 08:58, Johannes Stezenbach wrote:
> I hereby grant you the permission to change the license of my
> contributions to include the above openssl exception.
> 
> However, at the same time I'm not sure why it is needed since
> offlineimap is written in Python and thus not directly
> linked to OpenSSL, it only uses Python's ssl library.  Right?
> FWIW, offlineimap is not listed here:
> https://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html
> 
> The gist of this discussion also seems to indicate this license
> issue does not really exist:
> https://mail.python.org/pipermail/python-dev/2011-March/thread.html#109032

1) I am no lawyer :-).

2) There is a debian bug filed against offlineimap detailing specifics.
If you believe you are right, I would think, we should argue there.

3) Even using python-licensed abstractions inbetween, I do believe there
is some leeway to argue that offlineimap needs to adhere to the openssl
terms (e.g. the advertising clause), making it inherently incompatible
with python-based end user applications under the GNU GPL. Is this a
problem that would apply to all python-based apps using openssl?
Yes...,.  I'd rather be better safe than sorry here.

4) I have only started this initiative when people stated that
offlineimap would be potentially withdrawn from debian and the freeze
for the coming release is in November, so in case debian plays tough, we
need to be quick.

5) Better safe than sorry, and we have managed to get consent for more
than 80% of our code contributions within 24hours.

6) Fun Fact: I am still waiting for Steve Hanson from the OpenSSL
foundation to grant us an OpenSSL execption on his contribution :-).

I would be curious to find other python-based cases that were GNU GPL'd
apps got told off for sing openssl, or some discussion around the legal
stance, so if you have some, chime in.

For my part, would not have started this initiative if there had not
been specific action been taken against us (bugs filed), but now that I
started this, I believe adding the openssl exception won't hurt, so we
should pull it through.

Am I making sense?

Sebastian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20140924/d412a1a6/attachment-0003.sig>


More information about the OfflineIMAP-project mailing list